after all of this, I would be very hesitant to use any multi-user system which uses markdown and which doesn't have a large security budget.

author: zotlabs <mike@macgirvin.com> 2017-03-20 19:50:09 -0700
committer: Mario Vavti <mario@mariovavti.com> 2017-03-29 14:04:04 +0200
commit: d95f7efea704069a49fc2d63a88dcba5fd80381f (patch)
tree: 5cdb99c9099ffbf0decbdd4defe8f4f51cd30511 /Zotlabs/Lib
parent: e97dd48b4c046bac86322d91a13fd55d0cf3a99f (diff)
download: volse-hubzilla-d95f7efea704069a49fc2d63a88dcba5fd80381f.tar.gz
volse-hubzilla-d95f7efea704069a49fc2d63a88dcba5fd80381f.tar.bz2
volse-hubzilla-d95f7efea704069a49fc2d63a88dcba5fd80381f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php
index cf1446f45..e5f3c81dd 100644
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -82,7 +82,7 @@ class MarkdownSoap {
 		$s = str_replace(' ','&nbsp;',$s);
 		$s = purify_html($s);
 		$s = str_replace(['&nbsp;', mb_convert_encoding('&#x00a0;','UTF-8','HTML-ENTITIES')], [ ' ', ' ' ],$s);
-		$s = str_replace(['<br>','<br />'],["\n","\n"],$s);
+		$s = str_replace(['<br>','<br />', '&lt;', '&gt;' ],["\n","\n", '<', '>'],$s);
 		return $s;
 	}
author	zotlabs <mike@macgirvin.com>	2017-03-20 19:50:09 -0700
committer	Mario Vavti <mario@mariovavti.com>	2017-03-29 14:04:04 +0200
commit	d95f7efea704069a49fc2d63a88dcba5fd80381f (patch)
tree	5cdb99c9099ffbf0decbdd4defe8f4f51cd30511 /Zotlabs/Lib
parent	e97dd48b4c046bac86322d91a13fd55d0cf3a99f (diff)
download	volse-hubzilla-d95f7efea704069a49fc2d63a88dcba5fd80381f.tar.gz volse-hubzilla-d95f7efea704069a49fc2d63a88dcba5fd80381f.tar.bz2 volse-hubzilla-d95f7efea704069a49fc2d63a88dcba5fd80381f.zip